Elasticsearch Cluster
This section explains the installation and configuration of Elasticsearch (ES) on a Cluster (three nodes).
Notice
- The number of ES nodes you use in a cluster should be odd. The minimum number of nodes you can use in a cluster is 3. 
- To avoid a split-brain, specify an appropriate value for the discovery.seed_hosts parameter. To determine it, follow the rule N/2+1, where N is the number of nodes in the cluster. In a three-node cluster, the parameter should be set to 2 (3/2+1=2 - rounded down to the nearest integer). 
Install and configure the Elasticsearch cluster
On Linux
Perform the following steps on Linux:
1. Download Elasticsearch 8.6.2.
2. Unzip the file in a preferred location on all cluster nodes using the command tar -xvf elasticsearch-8.6.2-linux-x86_64.tar.gz.
3. Go to the {directory}/elasticsearch-8.6.2/bin folder.
4. Run Elasticsearch with the ./elasticsearch command.
5. When you run ES in a terminal for the first time, a password is printed to the terminal (by default, Elasticsearch runs over HTTPS). Note down the password.
6. Open the {directory}/elasticsearch-8.6.2/config/elasticsearch.yml file on each node for editing and configure the node. To run ES on HTTP and to make ES a cluster, refer to the following sample elasticsearch.yml files:
Elasticsearch Node 1
network.host: 0.0.0.0
cluster.name: logging-prod
node.name: node-1
xpack.security.enabled: false
xpack.security.enrollment.enabled: false
xpack.security.http.ssl:
  enabled: false
xpack.security.transport.ssl:
  enabled: false
discovery.seed_hosts: ["192.168.11.57", "192.168.11.227", "192.168.11.193"]
cluster.initial_master_nodes: ["192.168.11.57", "192.168.11.227", "192.168.11.193"]
http.host: 192.168.11.57

Elasticsearch Node 2
network.host: 0.0.0.0
cluster.name: logging-prod
# Give each node its own name
node.name: node-2
xpack.security.enabled: false
xpack.security.enrollment.enabled: false
xpack.security.http.ssl:
  enabled: false
xpack.security.transport.ssl:
  enabled: false
discovery.seed_hosts: ["192.168.11.57", "192.168.11.227", "192.168.11.193"]
cluster.initial_master_nodes: ["192.168.11.57", "192.168.11.227", "192.168.11.193"]
http.host: 192.168.11.227

Elasticsearch Node 3
network.host: 0.0.0.0
cluster.name: logging-prod
# Give each node its own name
node.name: node-3
xpack.security.enabled: false
xpack.security.enrollment.enabled: false
xpack.security.http.ssl:
  enabled: false
xpack.security.transport.ssl:
  enabled: false
discovery.seed_hosts: ["192.168.11.57", "192.168.11.227", "192.168.11.193"]
cluster.initial_master_nodes: ["192.168.11.57", "192.168.11.227", "192.168.11.193"]
http.host: 192.168.11.193

7. Start ES on all nodes.
8. Check the cluster health once all nodes have started. To check the cluster health, execute the following cURL command:
curl -XGET 'http://localhost:9200/_cluster/health'
9. Install the Zephyr Enterprise application with ES host URL as:
http://192.168.0.1:9200,http://192.168.0.2:9200,http://192.168.0.3:9200
On Windows
Perform the following steps on Windows:
1. Download Elasticsearch 8.6.2.
2. Unzip the file in the preferred location.
3. Open the command prompt as an administrator and go to the {directory}\elasticsearch-8.6.2\bin path.
4. Run ES with the elasticsearch.bat command.
5. Stop Elasticsearch.
6. Open the {directory}\elasticsearch-8.6.2\config\elasticsearch.yml file on each node for editing and configure the node. To run ES on HTTP and to make ES a cluster, refer to the following sample elasticsearch.yml files:
Elasticsearch Node 1
network.host: 0.0.0.0
cluster.name: logging-prod
node.name: node-1
xpack.security.enabled: false
xpack.security.enrollment.enabled: false
xpack.security.http.ssl:
  enabled: false
xpack.security.transport.ssl:
  enabled: false
discovery.seed_hosts: ["192.168.11.57", "192.168.11.227", "192.168.11.193"]
cluster.initial_master_nodes: ["192.168.11.57", "192.168.11.227", "192.168.11.193"]
http.host: 192.168.11.57

Elasticsearch Node 2
network.host: 0.0.0.0
cluster.name: logging-prod
# Give each node its own name
node.name: node-2
xpack.security.enabled: false
xpack.security.enrollment.enabled: false
xpack.security.http.ssl:
  enabled: false
xpack.security.transport.ssl:
  enabled: false
discovery.seed_hosts: ["192.168.11.57", "192.168.11.227", "192.168.11.193"]
cluster.initial_master_nodes: ["192.168.11.57", "192.168.11.227", "192.168.11.193"]
http.host: 192.168.11.227

Elasticsearch Node 3
# ES Node 3
network.host: 0.0.0.0
cluster.name: logging-prod
# Give each node its own name
node.name: node-3
xpack.security.enabled: false
xpack.security.enrollment.enabled: false
xpack.security.http.ssl:
  enabled: false
xpack.security.transport.ssl:
  enabled: false
discovery.seed_hosts: ["192.168.11.57", "192.168.11.227", "192.168.11.193"]
cluster.initial_master_nodes: ["192.168.11.57", "192.168.11.227", "192.168.11.193"]
http.host: 192.168.11.193

7. Start ES on all nodes.
8. Check the cluster health once all nodes have started. To check the cluster health, execute the following cURL command:
curl -XGET 'http://localhost:9200/_cluster/health'
9. Install the Zephyr Enterprise application with ES host URL as:
http://192.168.0.1:9200,http://192.168.0.2:9200,http://192.168.0.3:9200
Enable TLS 1.2 and 1.3 versions for Elasticsearch
You need to add the following two lines to the elasticsearch.yml file:
xpack.security.http.ssl:
  supported_protocols: TLSv1.3, TLSv1.2
xpack.security.transport.ssl:
  supported_protocols: TLSv1.3, TLSv1.2
The following is the sample YML file:
cluster.name: zephyr
node.name: node-1
http.port: 9200
network.host: 192.168.0.1
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
  supported_protocols: TLSv1.3, TLSv1.2
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
  supported_protocols: TLSv1.3, TLSv1.2
http.host: 0.0.0.0
indices.query.bool.max_clause_count: 9024
action.auto_create_index: ".watches,.triggered_watches,.watcher-history-*,-zephyr*,+*"
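
The HTTP-only cluster samples and the TLS sample above differ in exactly the settings that decide whether a node answers on the network without authentication or encryption. The following Python check is an added example, not part of the Zephyr or Elasticsearch documentation: it reads an elasticsearch.yml and reports those settings. The function names and the abridged sample input are constructed here, and the parser covers only the flat and one-level-nested key style used in the samples on this page.

```python
import ipaddress
ALLOWED_TLS = {"TLSv1.2", "TLSv1.3"}

def parse_settings(text):
    """Flatten 'key: value' lines plus one level of keys nested under 'prefix:'."""
    settings, prefix = {}, ""
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        key, _, value = (part.strip() for part in raw.partition(":"))
        if raw[0].isspace():
            settings[f"{prefix}.{key}"] = value   # nested under the last bare key
        elif value:
            settings[key], prefix = value, ""
        else:
            prefix = key
    return settings

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # host name or special value such as _local_
        return host in ("localhost", "_local_")

def audit(text):
    """Return findings for one node's elasticsearch.yml text."""
    s, findings = parse_settings(text), []
    hosts = [s[k] for k in ("network.host", "http.host") if k in s]
    if s.get("xpack.security.enabled", "").lower() == "false" and not all(map(is_loopback, hosts)):
        findings.append("security disabled on a non-loopback address")
    for layer in ("http", "transport"):
        base = f"xpack.security.{layer}.ssl"
        protos = set(s.get(f"{base}.supported_protocols", "").replace(",", " ").split())
        if s.get(f"{base}.enabled", "").lower() != "true":
            findings.append(f"{layer}: TLS not enabled")
        elif not protos or protos - ALLOWED_TLS:
            findings.append(f"{layer}: supported_protocols should be only TLSv1.2/TLSv1.3, found {sorted(protos)}")
    return findings

# Constructed input: abridged from the HTTP-only Node 1 sample on this page.
SAMPLE = """network.host: 0.0.0.0
xpack.security.enabled: false
xpack.security.http.ssl:
  enabled: false
xpack.security.transport.ssl:
  enabled: false
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```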
Connect Zephyr to Elasticsearch
ES must be running before you install Zephyr Enterprise. You connect Zephyr to ES during the product installation. To do this, specify either the IP address of your ES server or its host name, depending on the settings you have selected in the elasticsearch.yml file.
Cluster installation
Specify the following IP addresses and port numbers when prompted to configure ES. Use commas to separate them:
http://192.168.0.1:9200,http://192.168.0.2:9200,http://192.168.0.3:9200